CMS WebManager-Pro Vulnerabilities

2011.10.12
Credit: MustLive
Risk: High
Local: No
Remote: Yes
CWE: CWE-89, CWE-20

Hello Bugtraq!

I want to warn you about SQL Injection and Redirector (URL Redirector Abuse) vulnerabilities in CMS WebManager-Pro (SecurityVulns ID:11108). It's a Ukrainian commercial CMS.

SQL Injection:

http://site/c.php?id=1%20and%20version()=5

Redirector:

http://site/c.php?id=1&url=http://websecurity.com.ua

Affected products: both systems CMS WebManager-Pro from two developers.

Vulnerable are versions of CMS WebManager-Pro up to 8.1 (version from WebManager). Also, SQL Injection (but not Redirector) exists in the version of the system from FGS_Studio. Vulnerable are CMS WebManager-Pro v.7.4.3 (version from FGS_Studio) and previous versions.

Developers from WebManager fixed the SQL Injection vulnerability (but didn't fix Redirector) in version CMS WebManager-Pro 8.1. Developers from FGS_Studio didn't fix the SQL Injection vulnerability.

I mentioned these vulnerabilities on my site (http://websecurity.com.ua/4146/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
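Added example (not part of the original advisory and not the CMS's own code): a web-server log check for the two request shapes reported above, useful on installations that cannot be upgraded. It assumes a legitimate id is decimal digits only and that url should stay on the site's own host; site.example, the log lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample lines (combined log format); addresses and site.example are made up.
SAMPLE_LOG = '''\
198.51.100.7 - - [12/Oct/2011:10:01:02 +0200] "GET /c.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Oct/2011:10:01:05 +0200] "GET /c.php?id=1%20and%20version()=5 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Oct/2011:10:01:09 +0200] "GET /c.php?id=1&url=http://websecurity.com.ua HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Oct/2011:10:02:11 +0200] "GET /c.php?id=2&url=/news.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Oct/2011:10:02:15 +0200] "GET /index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
'''

def classify(target, site_host):
    """Return findings for one request target; only requests to c.php are examined."""
    parts = urlsplit(target)
    if not parts.path.endswith("/c.php"):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    findings = []
    # The reported SQL injection rides in "id" (assumption: valid ids are digits only).
    if any(not re.fullmatch(r"[0-9]+", v) for v in params.get("id", [])):
        findings.append("non-numeric id")
    # The reported redirector rides in "url"; flag absolute or scheme-relative targets on another host.
    for v in params.get("url", []):
        try:
            host = urlsplit(v.strip()).hostname
        except ValueError:
            host = ""  # unparsable target: treat as suspicious
        if host is not None and host != site_host.lower():
            findings.append("off-site url")
            break
    return findings

def scan(log_text, site_host):
    """Return (line number, findings) for every log line that matches either shape."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        f = classify(m.group(1), site_host) if m else []
        if f:
            hits.append((n, f))
    return hits

if __name__ == "__main__":
    for n, f in scan(SAMPLE_LOG, "site.example"):
        print(n, ", ".join(f))
```

The same two conditions (digits-only id, same-host url) are what a server-side fix or a filtering rule in front of c.php would enforce.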

References:

http://www.securityfocus.com/archive/1/archive/1/513485/100/0/threaded
http://websecurity.com.ua/4146/
http://packetstormsecurity.org/1009-exploits/webmanagerpro-sql.txt

